00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030 #include "polarssl/config.h"
00031
00032 #if defined(POLARSSL_AES_C)
00033
00034 #include "polarssl/aes.h"
00035 #include "polarssl/padlock.h"
00036
00037 #include <string.h>
00038
00039
00040
00041
00042 #ifndef GET_ULONG_LE
00043 #define GET_ULONG_LE(n,b,i) \
00044 { \
00045 (n) = ( (unsigned long) (b)[(i) ] ) \
00046 | ( (unsigned long) (b)[(i) + 1] << 8 ) \
00047 | ( (unsigned long) (b)[(i) + 2] << 16 ) \
00048 | ( (unsigned long) (b)[(i) + 3] << 24 ); \
00049 }
00050 #endif
00051
00052 #ifndef PUT_ULONG_LE
00053 #define PUT_ULONG_LE(n,b,i) \
00054 { \
00055 (b)[(i) ] = (unsigned char) ( (n) ); \
00056 (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
00057 (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
00058 (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
00059 }
00060 #endif
00061
00062 #if defined(POLARSSL_AES_ROM_TABLES)
00063
00064
00065
00066 static const unsigned char FSb[256] =
00067 {
00068 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
00069 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
00070 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
00071 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
00072 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
00073 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
00074 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
00075 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
00076 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
00077 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
00078 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
00079 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
00080 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
00081 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
00082 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
00083 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
00084 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
00085 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
00086 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
00087 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
00088 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
00089 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
00090 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
00091 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
00092 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
00093 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
00094 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
00095 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
00096 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
00097 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
00098 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
00099 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
00100 };
00101
00102
00103
00104
00105 #define FT \
00106 \
00107 V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
00108 V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
00109 V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
00110 V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
00111 V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
00112 V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
00113 V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
00114 V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
00115 V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
00116 V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
00117 V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
00118 V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
00119 V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
00120 V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
00121 V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
00122 V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
00123 V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
00124 V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
00125 V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
00126 V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
00127 V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
00128 V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
00129 V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
00130 V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
00131 V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
00132 V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
00133 V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
00134 V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
00135 V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
00136 V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
00137 V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
00138 V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
00139 V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
00140 V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
00141 V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
00142 V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
00143 V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
00144 V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
00145 V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
00146 V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
00147 V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
00148 V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
00149 V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
00150 V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
00151 V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
00152 V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
00153 V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
00154 V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
00155 V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
00156 V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
00157 V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
00158 V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
00159 V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
00160 V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
00161 V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
00162 V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
00163 V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
00164 V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
00165 V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
00166 V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
00167 V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
00168 V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
00169 V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
00170 V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
00171
00172 #define V(a,b,c,d) 0x##a##b##c##d
00173 static const unsigned long FT0[256] = { FT };
00174 #undef V
00175
00176 #define V(a,b,c,d) 0x##b##c##d##a
00177 static const unsigned long FT1[256] = { FT };
00178 #undef V
00179
00180 #define V(a,b,c,d) 0x##c##d##a##b
00181 static const unsigned long FT2[256] = { FT };
00182 #undef V
00183
00184 #define V(a,b,c,d) 0x##d##a##b##c
00185 static const unsigned long FT3[256] = { FT };
00186 #undef V
00187
00188 #undef FT
00189
00190
00191
00192
00193 static const unsigned char RSb[256] =
00194 {
00195 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
00196 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
00197 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
00198 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
00199 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
00200 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
00201 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
00202 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
00203 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
00204 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
00205 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
00206 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
00207 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
00208 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
00209 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
00210 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
00211 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
00212 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
00213 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
00214 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
00215 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
00216 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
00217 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
00218 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
00219 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
00220 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
00221 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
00222 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
00223 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
00224 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
00225 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
00226 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
00227 };
00228
00229
00230
00231
00232 #define RT \
00233 \
00234 V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
00235 V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
00236 V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
00237 V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
00238 V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
00239 V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
00240 V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
00241 V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
00242 V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
00243 V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
00244 V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
00245 V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
00246 V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
00247 V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
00248 V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
00249 V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
00250 V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
00251 V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
00252 V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
00253 V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
00254 V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
00255 V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
00256 V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
00257 V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
00258 V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
00259 V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
00260 V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
00261 V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
00262 V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
00263 V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
00264 V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
00265 V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
00266 V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
00267 V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
00268 V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
00269 V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
00270 V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
00271 V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
00272 V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
00273 V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
00274 V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
00275 V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
00276 V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
00277 V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
00278 V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
00279 V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
00280 V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
00281 V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
00282 V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
00283 V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
00284 V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
00285 V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
00286 V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
00287 V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
00288 V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
00289 V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
00290 V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
00291 V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
00292 V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
00293 V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
00294 V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
00295 V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
00296 V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
00297 V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
00298
00299 #define V(a,b,c,d) 0x##a##b##c##d
00300 static const unsigned long RT0[256] = { RT };
00301 #undef V
00302
00303 #define V(a,b,c,d) 0x##b##c##d##a
00304 static const unsigned long RT1[256] = { RT };
00305 #undef V
00306
00307 #define V(a,b,c,d) 0x##c##d##a##b
00308 static const unsigned long RT2[256] = { RT };
00309 #undef V
00310
00311 #define V(a,b,c,d) 0x##d##a##b##c
00312 static const unsigned long RT3[256] = { RT };
00313 #undef V
00314
00315 #undef RT
00316
00317
00318
00319
00320 static const unsigned long RCON[10] =
00321 {
00322 0x00000001, 0x00000002, 0x00000004, 0x00000008,
00323 0x00000010, 0x00000020, 0x00000040, 0x00000080,
00324 0x0000001B, 0x00000036
00325 };
00326
00327 #else
00328
00329 #if defined(POLARSSL_AES_ASM)
00330
00331
00332
00333 unsigned char FSb[256];
00334 unsigned long FT0[256];
00335 unsigned long FT1[256];
00336 unsigned long FT2[256];
00337 unsigned long FT3[256];
00338
00339
00340
00341
00342 unsigned char RSb[256];
00343 unsigned long RT0[256];
00344 unsigned long RT1[256];
00345 unsigned long RT2[256];
00346 unsigned long RT3[256];
00347 #else
00348
00349
00350
00351 static unsigned char FSb[256];
00352 static unsigned long FT0[256];
00353 static unsigned long FT1[256];
00354 static unsigned long FT2[256];
00355 static unsigned long FT3[256];
00356
00357
00358
00359
00360 static unsigned char RSb[256];
00361 static unsigned long RT0[256];
00362 static unsigned long RT1[256];
00363 static unsigned long RT2[256];
00364 static unsigned long RT3[256];
00365 #endif
00366
00367
00368
00369
00370 static unsigned long RCON[10];
00371
00372
00373
00374
00375 #define ROTL8(x) ( ( x << 8 ) & 0xFFFFFFFF ) | ( x >> 24 )
00376 #define XTIME(x) ( ( x << 1 ) ^ ( ( x & 0x80 ) ? 0x1B : 0x00 ) )
00377 #define MUL(x,y) ( ( x && y ) ? pow[(log[x]+log[y]) % 255] : 0 )
00378
00379 static int aes_init_done = 0;
00380
00381 static void aes_gen_tables( void )
00382 {
00383 int i, x, y, z;
00384 int pow[256];
00385 int log[256];
00386
00387
00388
00389
00390 for( i = 0, x = 1; i < 256; i++ )
00391 {
00392 pow[i] = x;
00393 log[x] = i;
00394 x = ( x ^ XTIME( x ) ) & 0xFF;
00395 }
00396
00397
00398
00399
00400 for( i = 0, x = 1; i < 10; i++ )
00401 {
00402 RCON[i] = (unsigned long) x;
00403 x = XTIME( x ) & 0xFF;
00404 }
00405
00406
00407
00408
00409 FSb[0x00] = 0x63;
00410 RSb[0x63] = 0x00;
00411
00412 for( i = 1; i < 256; i++ )
00413 {
00414 x = pow[255 - log[i]];
00415
00416 y = x; y = ( (y << 1) | (y >> 7) ) & 0xFF;
00417 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
00418 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
00419 x ^= y; y = ( (y << 1) | (y >> 7) ) & 0xFF;
00420 x ^= y ^ 0x63;
00421
00422 FSb[i] = (unsigned char) x;
00423 RSb[x] = (unsigned char) i;
00424 }
00425
00426
00427
00428
00429 for( i = 0; i < 256; i++ )
00430 {
00431 x = FSb[i];
00432 y = XTIME( x ) & 0xFF;
00433 z = ( y ^ x ) & 0xFF;
00434
00435 FT0[i] = ( (unsigned long) y ) ^
00436 ( (unsigned long) x << 8 ) ^
00437 ( (unsigned long) x << 16 ) ^
00438 ( (unsigned long) z << 24 );
00439
00440 FT1[i] = ROTL8( FT0[i] );
00441 FT2[i] = ROTL8( FT1[i] );
00442 FT3[i] = ROTL8( FT2[i] );
00443
00444 x = RSb[i];
00445
00446 RT0[i] = ( (unsigned long) MUL( 0x0E, x ) ) ^
00447 ( (unsigned long) MUL( 0x09, x ) << 8 ) ^
00448 ( (unsigned long) MUL( 0x0D, x ) << 16 ) ^
00449 ( (unsigned long) MUL( 0x0B, x ) << 24 );
00450
00451 RT1[i] = ROTL8( RT0[i] );
00452 RT2[i] = ROTL8( RT1[i] );
00453 RT3[i] = ROTL8( RT2[i] );
00454 }
00455 }
00456
00457 #endif
00458
00459
00460
00461
00462 int aes_setkey_enc( aes_context *ctx, unsigned char *key, int keysize )
00463 {
00464 int i;
00465 unsigned long *RK;
00466
00467 #if !defined(POLARSSL_AES_ROM_TABLES)
00468 if( aes_init_done == 0 )
00469 {
00470 aes_gen_tables();
00471 aes_init_done = 1;
00472 }
00473 #endif
00474
00475 switch( keysize )
00476 {
00477 case 128: ctx->nr = 10; break;
00478 case 192: ctx->nr = 12; break;
00479 case 256: ctx->nr = 14; break;
00480 default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
00481 }
00482
00483 #if defined(PADLOCK_ALIGN16)
00484 ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
00485 #else
00486 ctx->rk = RK = ctx->buf;
00487 #endif
00488
00489 for( i = 0; i < (keysize >> 5); i++ )
00490 {
00491 GET_ULONG_LE( RK[i], key, i << 2 );
00492 }
00493
00494 switch( ctx->nr )
00495 {
00496 case 10:
00497
00498 for( i = 0; i < 10; i++, RK += 4 )
00499 {
00500 RK[4] = RK[0] ^ RCON[i] ^
00501 ( (unsigned long) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^
00502 ( (unsigned long) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^
00503 ( (unsigned long) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^
00504 ( (unsigned long) FSb[ ( RK[3] ) & 0xFF ] << 24 );
00505
00506 RK[5] = RK[1] ^ RK[4];
00507 RK[6] = RK[2] ^ RK[5];
00508 RK[7] = RK[3] ^ RK[6];
00509 }
00510 break;
00511
00512 case 12:
00513
00514 for( i = 0; i < 8; i++, RK += 6 )
00515 {
00516 RK[6] = RK[0] ^ RCON[i] ^
00517 ( (unsigned long) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^
00518 ( (unsigned long) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^
00519 ( (unsigned long) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^
00520 ( (unsigned long) FSb[ ( RK[5] ) & 0xFF ] << 24 );
00521
00522 RK[7] = RK[1] ^ RK[6];
00523 RK[8] = RK[2] ^ RK[7];
00524 RK[9] = RK[3] ^ RK[8];
00525 RK[10] = RK[4] ^ RK[9];
00526 RK[11] = RK[5] ^ RK[10];
00527 }
00528 break;
00529
00530 case 14:
00531
00532 for( i = 0; i < 7; i++, RK += 8 )
00533 {
00534 RK[8] = RK[0] ^ RCON[i] ^
00535 ( (unsigned long) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^
00536 ( (unsigned long) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^
00537 ( (unsigned long) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^
00538 ( (unsigned long) FSb[ ( RK[7] ) & 0xFF ] << 24 );
00539
00540 RK[9] = RK[1] ^ RK[8];
00541 RK[10] = RK[2] ^ RK[9];
00542 RK[11] = RK[3] ^ RK[10];
00543
00544 RK[12] = RK[4] ^
00545 ( (unsigned long) FSb[ ( RK[11] ) & 0xFF ] ) ^
00546 ( (unsigned long) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^
00547 ( (unsigned long) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^
00548 ( (unsigned long) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 );
00549
00550 RK[13] = RK[5] ^ RK[12];
00551 RK[14] = RK[6] ^ RK[13];
00552 RK[15] = RK[7] ^ RK[14];
00553 }
00554 break;
00555
00556 default:
00557
00558 break;
00559 }
00560
00561 return( 0 );
00562 }
00563
00564
00565
00566
00567 int aes_setkey_dec( aes_context *ctx, unsigned char *key, int keysize )
00568 {
00569 int i, j;
00570 aes_context cty;
00571 unsigned long *RK;
00572 unsigned long *SK;
00573 int ret;
00574
00575 switch( keysize )
00576 {
00577 case 128: ctx->nr = 10; break;
00578 case 192: ctx->nr = 12; break;
00579 case 256: ctx->nr = 14; break;
00580 default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH );
00581 }
00582
00583 #if defined(PADLOCK_ALIGN16)
00584 ctx->rk = RK = PADLOCK_ALIGN16( ctx->buf );
00585 #else
00586 ctx->rk = RK = ctx->buf;
00587 #endif
00588
00589 ret = aes_setkey_enc( &cty, key, keysize );
00590 if( ret != 0 )
00591 return( ret );
00592
00593 SK = cty.rk + cty.nr * 4;
00594
00595 *RK++ = *SK++;
00596 *RK++ = *SK++;
00597 *RK++ = *SK++;
00598 *RK++ = *SK++;
00599
00600 for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
00601 {
00602 for( j = 0; j < 4; j++, SK++ )
00603 {
00604 *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^
00605 RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^
00606 RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^
00607 RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ];
00608 }
00609 }
00610
00611 *RK++ = *SK++;
00612 *RK++ = *SK++;
00613 *RK++ = *SK++;
00614 *RK++ = *SK++;
00615
00616 memset( &cty, 0, sizeof( aes_context ) );
00617
00618 return( 0 );
00619 }
00620
00621 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
00622 { \
00623 X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \
00624 FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
00625 FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
00626 FT3[ ( Y3 >> 24 ) & 0xFF ]; \
00627 \
00628 X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \
00629 FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
00630 FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
00631 FT3[ ( Y0 >> 24 ) & 0xFF ]; \
00632 \
00633 X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \
00634 FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
00635 FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
00636 FT3[ ( Y1 >> 24 ) & 0xFF ]; \
00637 \
00638 X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \
00639 FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
00640 FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
00641 FT3[ ( Y2 >> 24 ) & 0xFF ]; \
00642 }
00643
00644 #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \
00645 { \
00646 X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \
00647 RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \
00648 RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \
00649 RT3[ ( Y1 >> 24 ) & 0xFF ]; \
00650 \
00651 X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \
00652 RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \
00653 RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \
00654 RT3[ ( Y2 >> 24 ) & 0xFF ]; \
00655 \
00656 X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \
00657 RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \
00658 RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \
00659 RT3[ ( Y3 >> 24 ) & 0xFF ]; \
00660 \
00661 X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \
00662 RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \
00663 RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \
00664 RT3[ ( Y0 >> 24 ) & 0xFF ]; \
00665 }
00666
00667
00668
00669
00670 #if !defined(POLARSSL_AES_ASM)
00671 void aes_crypt_ecb( aes_context *ctx,
00672 int mode,
00673 unsigned char input[16],
00674 unsigned char output[16] )
00675 {
00676 int i;
00677 unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
00678
00679 #if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
00680 if( padlock_supports( PADLOCK_ACE ) )
00681 {
00682 if( padlock_xcryptecb( ctx, mode, input, output ) == 0 )
00683 return;
00684 }
00685 #endif
00686
00687 RK = ctx->rk;
00688
00689 GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++;
00690 GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++;
00691 GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++;
00692 GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++;
00693
00694 if( mode == AES_DECRYPT )
00695 {
00696 for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
00697 {
00698 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
00699 AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
00700 }
00701
00702 AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
00703
00704 X0 = *RK++ ^ \
00705 ( (unsigned long) RSb[ ( Y0 ) & 0xFF ] ) ^
00706 ( (unsigned long) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
00707 ( (unsigned long) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
00708 ( (unsigned long) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
00709
00710 X1 = *RK++ ^ \
00711 ( (unsigned long) RSb[ ( Y1 ) & 0xFF ] ) ^
00712 ( (unsigned long) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
00713 ( (unsigned long) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
00714 ( (unsigned long) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
00715
00716 X2 = *RK++ ^ \
00717 ( (unsigned long) RSb[ ( Y2 ) & 0xFF ] ) ^
00718 ( (unsigned long) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
00719 ( (unsigned long) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
00720 ( (unsigned long) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
00721
00722 X3 = *RK++ ^ \
00723 ( (unsigned long) RSb[ ( Y3 ) & 0xFF ] ) ^
00724 ( (unsigned long) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
00725 ( (unsigned long) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
00726 ( (unsigned long) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
00727 }
00728 else
00729 {
00730 for( i = (ctx->nr >> 1) - 1; i > 0; i-- )
00731 {
00732 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
00733 AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 );
00734 }
00735
00736 AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 );
00737
00738 X0 = *RK++ ^ \
00739 ( (unsigned long) FSb[ ( Y0 ) & 0xFF ] ) ^
00740 ( (unsigned long) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^
00741 ( (unsigned long) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^
00742 ( (unsigned long) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 );
00743
00744 X1 = *RK++ ^ \
00745 ( (unsigned long) FSb[ ( Y1 ) & 0xFF ] ) ^
00746 ( (unsigned long) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^
00747 ( (unsigned long) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^
00748 ( (unsigned long) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 );
00749
00750 X2 = *RK++ ^ \
00751 ( (unsigned long) FSb[ ( Y2 ) & 0xFF ] ) ^
00752 ( (unsigned long) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^
00753 ( (unsigned long) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^
00754 ( (unsigned long) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 );
00755
00756 X3 = *RK++ ^ \
00757 ( (unsigned long) FSb[ ( Y3 ) & 0xFF ] ) ^
00758 ( (unsigned long) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^
00759 ( (unsigned long) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^
00760 ( (unsigned long) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 );
00761 }
00762
00763 PUT_ULONG_LE( X0, output, 0 );
00764 PUT_ULONG_LE( X1, output, 4 );
00765 PUT_ULONG_LE( X2, output, 8 );
00766 PUT_ULONG_LE( X3, output, 12 );
00767 }
00768 #endif
00769
00770
00771
00772
00773 void aes_crypt_cbc( aes_context *ctx,
00774 int mode,
00775 int length,
00776 unsigned char iv[16],
00777 unsigned char *input,
00778 unsigned char *output )
00779 {
00780 int i;
00781 unsigned char temp[16];
00782
00783 #if defined(POLARSSL_PADLOCK_C) && defined(POLARSSL_HAVE_X86)
00784 if( padlock_supports( PADLOCK_ACE ) )
00785 {
00786 if( padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
00787 return;
00788 }
00789 #endif
00790
00791 if( mode == AES_DECRYPT )
00792 {
00793 while( length > 0 )
00794 {
00795 memcpy( temp, input, 16 );
00796 aes_crypt_ecb( ctx, mode, input, output );
00797
00798 for( i = 0; i < 16; i++ )
00799 output[i] = (unsigned char)( output[i] ^ iv[i] );
00800
00801 memcpy( iv, temp, 16 );
00802
00803 input += 16;
00804 output += 16;
00805 length -= 16;
00806 }
00807 }
00808 else
00809 {
00810 while( length > 0 )
00811 {
00812 for( i = 0; i < 16; i++ )
00813 output[i] = (unsigned char)( input[i] ^ iv[i] );
00814
00815 aes_crypt_ecb( ctx, mode, output, output );
00816 memcpy( iv, output, 16 );
00817
00818 input += 16;
00819 output += 16;
00820 length -= 16;
00821 }
00822 }
00823 }
00824
00825
00826
00827
00828 void aes_crypt_cfb128( aes_context *ctx,
00829 int mode,
00830 int length,
00831 int *iv_off,
00832 unsigned char iv[16],
00833 unsigned char *input,
00834 unsigned char *output )
00835 {
00836 int c, n = *iv_off;
00837
00838 if( mode == AES_DECRYPT )
00839 {
00840 while( length-- )
00841 {
00842 if( n == 0 )
00843 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
00844
00845 c = *input++;
00846 *output++ = (unsigned char)( c ^ iv[n] );
00847 iv[n] = (unsigned char) c;
00848
00849 n = (n + 1) & 0x0F;
00850 }
00851 }
00852 else
00853 {
00854 while( length-- )
00855 {
00856 if( n == 0 )
00857 aes_crypt_ecb( ctx, AES_ENCRYPT, iv, iv );
00858
00859 iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
00860
00861 n = (n + 1) & 0x0F;
00862 }
00863 }
00864
00865 *iv_off = n;
00866 }
00867
00868 #if defined(POLARSSL_SELF_TEST)
00869
00870 #include <stdio.h>
00871
00872
00873
00874
00875
00876
00877 static const unsigned char aes_test_ecb_dec[3][16] =
00878 {
00879 { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
00880 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
00881 { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
00882 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
00883 { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
00884 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
00885 };
00886
00887 static const unsigned char aes_test_ecb_enc[3][16] =
00888 {
00889 { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
00890 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
00891 { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
00892 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
00893 { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
00894 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
00895 };
00896
00897 static const unsigned char aes_test_cbc_dec[3][16] =
00898 {
00899 { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
00900 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
00901 { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
00902 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
00903 { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
00904 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
00905 };
00906
00907 static const unsigned char aes_test_cbc_enc[3][16] =
00908 {
00909 { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
00910 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
00911 { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
00912 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
00913 { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
00914 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
00915 };
00916
00917
00918
00919
00920
00921
00922 static const unsigned char aes_test_cfb128_key[3][32] =
00923 {
00924 { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
00925 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
00926 { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
00927 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
00928 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
00929 { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
00930 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
00931 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
00932 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
00933 };
00934
00935 static const unsigned char aes_test_cfb128_iv[16] =
00936 {
00937 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
00938 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
00939 };
00940
00941 static const unsigned char aes_test_cfb128_pt[64] =
00942 {
00943 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
00944 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
00945 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
00946 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
00947 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
00948 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
00949 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
00950 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
00951 };
00952
00953 static const unsigned char aes_test_cfb128_ct[3][64] =
00954 {
00955 { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
00956 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
00957 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
00958 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
00959 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
00960 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
00961 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
00962 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
00963 { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
00964 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
00965 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
00966 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
00967 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
00968 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
00969 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
00970 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
00971 { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
00972 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
00973 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
00974 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
00975 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
00976 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
00977 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
00978 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
00979 };
00980
00981
00982
00983
00984 int aes_self_test( int verbose )
00985 {
00986 int i, j, u, v, offset;
00987 unsigned char key[32];
00988 unsigned char buf[64];
00989 unsigned char prv[16];
00990 unsigned char iv[16];
00991 aes_context ctx;
00992
00993 memset( key, 0, 32 );
00994
00995
00996
00997
00998 for( i = 0; i < 6; i++ )
00999 {
01000 u = i >> 1;
01001 v = i & 1;
01002
01003 if( verbose != 0 )
01004 printf( " AES-ECB-%3d (%s): ", 128 + u * 64,
01005 ( v == AES_DECRYPT ) ? "dec" : "enc" );
01006
01007 memset( buf, 0, 16 );
01008
01009 if( v == AES_DECRYPT )
01010 {
01011 aes_setkey_dec( &ctx, key, 128 + u * 64 );
01012
01013 for( j = 0; j < 10000; j++ )
01014 aes_crypt_ecb( &ctx, v, buf, buf );
01015
01016 if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
01017 {
01018 if( verbose != 0 )
01019 printf( "failed\n" );
01020
01021 return( 1 );
01022 }
01023 }
01024 else
01025 {
01026 aes_setkey_enc( &ctx, key, 128 + u * 64 );
01027
01028 for( j = 0; j < 10000; j++ )
01029 aes_crypt_ecb( &ctx, v, buf, buf );
01030
01031 if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
01032 {
01033 if( verbose != 0 )
01034 printf( "failed\n" );
01035
01036 return( 1 );
01037 }
01038 }
01039
01040 if( verbose != 0 )
01041 printf( "passed\n" );
01042 }
01043
01044 if( verbose != 0 )
01045 printf( "\n" );
01046
01047
01048
01049
01050 for( i = 0; i < 6; i++ )
01051 {
01052 u = i >> 1;
01053 v = i & 1;
01054
01055 if( verbose != 0 )
01056 printf( " AES-CBC-%3d (%s): ", 128 + u * 64,
01057 ( v == AES_DECRYPT ) ? "dec" : "enc" );
01058
01059 memset( iv , 0, 16 );
01060 memset( prv, 0, 16 );
01061 memset( buf, 0, 16 );
01062
01063 if( v == AES_DECRYPT )
01064 {
01065 aes_setkey_dec( &ctx, key, 128 + u * 64 );
01066
01067 for( j = 0; j < 10000; j++ )
01068 aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
01069
01070 if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
01071 {
01072 if( verbose != 0 )
01073 printf( "failed\n" );
01074
01075 return( 1 );
01076 }
01077 }
01078 else
01079 {
01080 aes_setkey_enc( &ctx, key, 128 + u * 64 );
01081
01082 for( j = 0; j < 10000; j++ )
01083 {
01084 unsigned char tmp[16];
01085
01086 aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
01087
01088 memcpy( tmp, prv, 16 );
01089 memcpy( prv, buf, 16 );
01090 memcpy( buf, tmp, 16 );
01091 }
01092
01093 if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
01094 {
01095 if( verbose != 0 )
01096 printf( "failed\n" );
01097
01098 return( 1 );
01099 }
01100 }
01101
01102 if( verbose != 0 )
01103 printf( "passed\n" );
01104 }
01105
01106 if( verbose != 0 )
01107 printf( "\n" );
01108
01109
01110
01111
01112 for( i = 0; i < 6; i++ )
01113 {
01114 u = i >> 1;
01115 v = i & 1;
01116
01117 if( verbose != 0 )
01118 printf( " AES-CFB128-%3d (%s): ", 128 + u * 64,
01119 ( v == AES_DECRYPT ) ? "dec" : "enc" );
01120
01121 memcpy( iv, aes_test_cfb128_iv, 16 );
01122 memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
01123
01124 offset = 0;
01125 aes_setkey_enc( &ctx, key, 128 + u * 64 );
01126
01127 if( v == AES_DECRYPT )
01128 {
01129 memcpy( buf, aes_test_cfb128_ct[u], 64 );
01130 aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
01131
01132 if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
01133 {
01134 if( verbose != 0 )
01135 printf( "failed\n" );
01136
01137 return( 1 );
01138 }
01139 }
01140 else
01141 {
01142 memcpy( buf, aes_test_cfb128_pt, 64 );
01143 aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
01144
01145 if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
01146 {
01147 if( verbose != 0 )
01148 printf( "failed\n" );
01149
01150 return( 1 );
01151 }
01152 }
01153
01154 if( verbose != 0 )
01155 printf( "passed\n" );
01156 }
01157
01158
01159 if( verbose != 0 )
01160 printf( "\n" );
01161
01162 return( 0 );
01163 }
01164
01165 #endif
01166
01167 #endif